Three Good Examples of GDPR Breach Notification Emails
19 Sep 2018
The GDPR may have made you focus on your mailing lists, but it has also brought a whole range of new rules. One of them is breach notification. If you or your technology providers suffer a data breach, you may need to reach out to all your customers, subscribers and everyone else still in your system. You can find the full notification requirements here: ICO: Personal data breaches
The difficult thing with breach notifications is getting the wording right, so here are three recent examples that I think are worth sharing and why I think they’re effective.
Example 1: British Airways (BA)
Subject line: Theft of Customer Data
The subject line is clear, the copy is minimal and overall it gets right to the point. Whilst reassuring the customer that the matter is resolved, it also gives customers advice on how to reduce risk.
I think it’s great that they include a link for further information where customers can get the latest details. The email would be more useful if the link directed to the dedicated page as opposed to BA’s homepage, where customers need to scroll down to find the link.
Example 2: American Express
Subject line: We are protecting your Account
Leading on from British Airways’ example, as a partner company American Express did a fantastic job in giving customers the additional reassurance that they are protected by their credit card provider too.
Example 3: Superdrug
Subject line: Security Notice
Information about the breach is provided in detail, but Superdrug bolded the important points, making the email skimmable.
As with BA’s example, addressing the email from the CEO helps to highlight that the data breach is being treated with importance.
Superdrug could consider a subject line or header that is more specific to the breach and not repeated (“Security Notice”) to easily give customers more information at a glance.